Published: 21/09/2016 Updated: 28/11/2016

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The m_authenticate function in modules/m_sasl.c in Charybdis prior to 3.5.3 allows remote malicious users to spoof certificate fingerprints and consequently log in as another user via a crafted AUTHENTICATE parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 8.0
charybdis project charybdis

Debian Bug report logs - #836714 charybdis: CVE-2016-7143: certificate fingerprint spoofing through crafted SASL messages Package: src:charybdis; Maintainer for src:charybdis is Antoine Beaupré <anarcat@debianorg>; Reported by: Antoine Beaupré <anarcat@debianorg> Date: Sun, 4 Sep 2016 21:39:01 UTC Severity: crit ...

It was discovered that incorrect SASL authentication in the Charybdis IRC server may lead to users impersonating other users For the stable distribution (jessie), this problem has been fixed in version 342-5+deb8u2 For the unstable distribution (sid), this problem has been fixed in version 353-1 We recommend that you upgrade your charybdis p ...

CWE-285 http://www.openwall.com/lists/oss-security/2016/09/05/8 http://www.debian.org/security/2016/dsa-3661 https://github.com/charybdis-ircd/charybdis/commit/818a3fda944b26d4814132cee14cfda4ea4aa824 http://www.openwall.com/lists/oss-security/2016/09/04/3 https://github.com/charybdis-ircd/charybdis/blob/charybdis-3.5.3/NEWS.md http://www.securityfocus.com/bid/92761 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=836714 https://nvd.nist.gov https://www.debian.org/security/./dsa-3661

CVE-2016-7143

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect